Static task
static1
Behavioral task
behavioral1
Sample
d588d4a6db4bdce48fbd3be02c982c23_JaffaCakes118.exe
Resource
win7-20240903-en
Behavioral task
behavioral2
Sample
d588d4a6db4bdce48fbd3be02c982c23_JaffaCakes118.exe
Resource
win10v2004-20240802-en
General
-
Target
d588d4a6db4bdce48fbd3be02c982c23_JaffaCakes118
-
Size
36KB
-
MD5
d588d4a6db4bdce48fbd3be02c982c23
-
SHA1
122bf3148a7f0e22e4dd765d6cc7ac0941fae105
-
SHA256
ea7db0ef57c5b4b64c26ee7188a02ba677040f7476e7797dc82c46778df540e7
-
SHA512
85c271802c6771762edc4c43154e2a61f30938f9ec82488091a68e388ce39accbf5a94cce68720f98d0c8acda30efc7b574d742d26a0303a30dfe21ca76402ce
-
SSDEEP
384:U4fD5lwabfOlpf6zOds+/K1rSPXIK/EOFJW/p:EarOlwYUrSvIK/Tbk
Malware Config
Signatures
-
Unsigned PE 1 IoCs
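Static check: the PE file carries no Authenticode signature. On its own this is a weak indicator, since many legitimate binaries are also unsigned.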
resource d588d4a6db4bdce48fbd3be02c982c23_JaffaCakes118
Files
-
d588d4a6db4bdce48fbd3be02c982c23_JaffaCakes118.exe windows:4 windows x86 arch:x86
1f42781170854f0316f4d74867a2ee52
Headers
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
msvcrt
??1type_info@@UAE@XZ
fopen
memcpy
strchr
strstr
wcscmp
_EH_prolog
_CxxThrowException
__CxxFrameHandler
time
atoi
memset
strrchr
sprintf
strcat
strcpy
strlen
_strnicmp
_stricmp
shlwapi
SHSetValueA
SHGetValueA
wininet
InternetCheckConnectionA
InternetSetOptionA
InternetCrackUrlA
kernel32
CopyFileA
lstrlenA
MultiByteToWideChar
GetCurrentThreadId
lstrlenW
WideCharToMultiByte
GetCurrentProcessId
Sleep
GetModuleFileNameA
GetEnvironmentVariableA
CreateThread
CreateProcessA
MoveFileExA
GetTickCount
GetProcessHeap
HeapFree
ExitProcess
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
HeapAlloc
ole32
CoInitialize
CoCreateInstance
CoUninitialize
oleaut32
SysFreeString
SysAllocString
SysAllocStringLen
VariantClear
Sections
.text Size: 24KB - Virtual size: 24KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 8KB - Virtual size: 8KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE